We're small company, that provides: register, dns, web-hosting etc.
We have multiple problem with validation our domain with, lets encrypt, problem is in our DNS system, but we don't know where.
Letsencrypt server give us cryptic answer and we don't know where error.
My domain is: hbz.pl (including subdomains), i tested on: newtest1.hbz.pl (w/o www.)
I ran this command (this problem persist in FreeSSL (command line), acme.sh, certbot
It produced this outputs (one of two):
- DNS problem: SERVFAIL looking up CAA for hbz.pl - the domain's nameservers may be malfunctioning.
- DNS problem: SERVFAIL looking up A for newtest1.hbz.pl- the domain's nameservers may be malfunctioning.
Also there is similar problem with DNS validation
My web server is (include version): multiple, don't depend.
The operating systems my web server runs on windows (le32), linux - multiple versions.
My hosting provider, if applicable, is: myself
I can login to a root shell on my machine: yes
I'm using a control panel to manage my site: sometimes shell root (le32,acme.sh), sometimes ISPConfig
What i tested:
https://check-your-website.server-daten.de/?q=hbz.pl
https://check-your-website.server-daten.de/?q=newtest1.hbz.pl
- there is no errors in DNSs.
Also i tested
dnsperf.exe -l 30 -d hbz.dns.input -s hbz.hbz.com.pl (and other servers)
File contents:
hbz.pl A
hbz.pl CAA
I got average 8k answer per second with less then 0.1% fail.
Also "DiG" ( dig caa hbz.pl @ns4.hbz.pl) give me right answer.
But after several (3-8) tries we validate domain successfuly.